REMARKS

In the Office Action of November 16, 2004, claims 1-22 stand rejected. In this response 
claims 1, 5, 7, 8, 13, 14, 15, and 18 are amended. Reconsideration and allowance of all pending
claims are respectfully requested in view of the following remarks. No new subject matter is 
being added by this response. 

I. REJECTIONS UNDER 35 U.S.C. § 112

Claims 15-18 stand rejected under 35 U.S.C. § 112, second paragraph, as being 
indefinite. Particularly the Examiner argues that the term "complete set of packets" in claim 15
is a relative term. Claim 15 has been amended to recite "checking the hold queue to determine
if all the packets expected for a given record has arrived." This amendment particularly points
out the claimed invention. The rejection to claim 15, and its dependent claims 16-18, under 35
U.S.C. § 112 should be withdrawn.

II. REJECTION UNDER 35 U.S.C. § 103

To establish a prima facie case of obviousness under 35 U.S.C. § 103, three basic criteria 
must be met. First, there must be some suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one of ordinary skill in the art, to modify 
the reference or to combine reference teachings. Second, there must be a reasonable expectation 
of success. Third, the cited prior art reference must teach or suggest all of the claim limitations. 
Furthermore, the suggestion to make the claimed combination and the reasonable expectation of 
success must both be found in the prior art, and not based upon the Applicants' disclosure. A
failure to meet any one of these criteria is a failure to establish a prima facie case of obviousness.
MPEP § 2143.

1. NARAD IN VIEW OF NORTEL. 

Claims 1, 3, 5-8, 10, 12, 13, and 21-22 stand rejected under 35 U.S.C. § 103(a) as 
unpatentable over U.S. Patent No. 6,157,955 to Narad (Narad) in view of "Using the Accelar 
710 Service Switch" published by Nortel (Nortel). The Examiner contends that Narad discloses 
all the limitations of the present invention except the use of the SSL protocol. The Examiner 
further argues that Nortel discloses using the SSL protocol. Therefore, the Examiner concludes
that it would be obvious to one of skill in the art to combine the teachings of Narad with the use
of the SSL protocol, as taught in Nortel.

Narad discloses a general purpose packet processing platform that uses a policy engine to 
transform inbound packets to outbound packets. Based on applications running on a policy
processor, an inbound packet can be transmitted, decrypted, classified or have some other action 
performed on it. In Narad, the packets are received from and released to Ethernet connections. 
(See Figure 4). Thus, Narad is drawn to a device that operates at the local area network level.
Nortel discloses a hardware switch that can process SSL traffic. Applicant respectfully traverses
the rejection for the reasons set forth below.

a. THERE IS NO SUGGESTION OR MOTIVATION TO COMBINE
THE CITED ART. 

First, the references teach away from the proposed combination. Narad explicitly teaches
away from the use of switches to provide packet processing. (Column 3, lines 18-43). For
example, Narad argues that switched-based packet processing is not cost effective, that
switch-based processors lack processing power, and that porting applications to switches is difficult.
The Nortel reference discloses a switch for use in SSL processing. Since Nortel teaches away
from the use of switches to provide packet processing, one of skill in the art, when considering
the teachings of Narad, would not consider Nortel since it deals with an approach that is
criticized and disapproved by Narad. Since it is "improper to combine references where the
references teach away from their combination" the combination of art is improper and the
rejections based on this combination should be withdrawn. MPEP 2145.

Second, Narad teaches away from the present invention. Narad is critical of the use of 
fixed function appliances that perform one specific application, such as an appliance that only 
performs cryptological functions (such as an SSL proxy according to the present invention). 
While recognizing the efficiency of this approach, Narad argues that there are drawbacks, such 
as cost and scalability, which make this an inferior approach. (Column 2, lines 50-67). The
addition of Nortel does not remedy the shortcomings of Narad. Therefore, the Narad/Nortel 
combination teaches away from the approach of the present invention, i.e., providing an SSL 
proxy that performs one specific application. Therefore, the Examiner has failed to make a
prima facie case of obviousness. 

b. THE NARAD/NORTEL COMBINATION FAILS TO TEACH OR 
SUGGEST ALL OF THE CLAIM LIMITATIONS. 

Additionally, the proposed Narad/Nortel combination fails to disclose, teach, or suggest 
"the SSL proxy operable to buffer the packets until a predetermined number of packets greater 
than one packet are received." The Examiner claims that Narad discloses buffering the packets
by using a ring buffer. However, in Narad "a packet arrives into a buffer, gets processed, and 
then gets transmitted out the other port or gets dropped" (Column 30, lines 42-44). Further, 
Narad states that the receive buffer "is a 2KB structure which contains an Ethernet packet and 
information about that packet." (Column 19, lines 63-65). Thus, the buffer of Narad holds but 
one packet. The addition of Nortel fails to cure the shortcomings of Narad. Therefore, the 
proposed Narad/Nortel fails to teach all of the limitations of claim 1.

Considering amended claim 5, the Narad/Nortel combination fails to disclose, teach, or
suggest that "the packets are sent by a client computer running a web browser and received by a
server computer running a web server." The Examiner indicates this limitation can be found at
column 6, lines 42-47, column 113, lines 41-55 and Figure 1. However, column 6, lines 42-47 
merely state that the invention of Narad receives a packet stream and transforms an inbound 
traffic scheme to an outbound traffic scheme. This section does not say where the packet came 
from or where it was being sent. Indeed, the packet could have been sent between two 
computers operating in a peer-to-peer format. This section certainly does not disclose a web
browser or web server. Column 113, lines 42-47 does discuss client and server, but says those 
terms are only loosely defined. Additionally, this section certainly does not disclose the use of a 
web browser or web server. Figure 1 does not show a client or server and certainly does not 
disclose the use of a web browser or web server. At most, Figure 1 shows packets are received, 
operated on and then sent out. The addition of Nortel fails to overcome the shortcomings of 
Narad. Therefore, the proposed Narad/Nortel combination fails to disclose, teach, or suggest all
the limitations of claim 5. 

Considering claim 7, the Narad/Nortel combination fails to disclose, teach, or suggest
that the proxy "performs encryption and decryption on packets using a single end-to-end TCP
connection between a client computer and a server and the source and destination address of the
packets are unaltered", as amended. Narad discloses a special syntax designed to provide
network address translation (changing the source and/or destination address of a packet). (See
Column 15, lines 7-24). For example, the TCPSDNNat Class can create TCP NAT objects that
rewrite the addresses in the IP header. (Column 125, lines 50-67). Not only does Narad provide
for rewriting addresses at the IP header level, but Narad also encapsulates packets, which forces
changes in the source and destination address of the packet. As recited in Narad, "upon
receiving a packet the RX MAC 220 or 228 places that packet at an offset." (Column 20, lines
25-28 and Figure 7). Offsetting the packet offsets the header, which is an alteration to the source
and destination address. Therefore, for at least this reason, claim 7 is in condition for allowance.

Claims 3 and 5-7 depend from claim 1. Claim 1 is in condition for allowance. Therefore, 
for at least this reason, claims 3 and 5-7 are in condition for allowance. 

Independent claim 8 stands rejected based on the rejection of claim 1. Claim 8, as 
amended, recites in part, "a client computer running a web browser computer operable to initiate 
an SSL session" and "a server computer running a web server operable to support 
communications with the client computer." As discussed in conjunction with claim 5, the 
Narad/Nortel combination does not disclose this limitation. For at least this reason, claim 8 is in 
condition for allowance. 

Claims 10, 12 and 13 depend from allowable claim 8. Claim 8 is in condition for 
allowance. For at least these reasons claims 10, 12 and 13 are in condition for allowance. 
Additionally, claim 13, as amended, is allowable for the reasons discussed in conjunction with 
claim 7.

Considering independent claim 21, claim 21 includes the limitation that the encrypted 
packets are sent "to the client computer without altering the destination or source address of the 
packets." As discussed in conjunction with claim 7, this limitation is not taught, disclosed or 
suggested by the Narad/Nortel combination. 

Claim 22 depends from claim 21. Claim 21 is in condition for allowance. Therefore, 
claim 22 is in condition for allowance. 

2. NARAD AND NORTEL IN VIEW OF NETSCAPE.

Claims 2 and 9 stand rejected as unpatentable over Narad and Nortel and further in view 
of Netscape. Claim 2 depends from claim 1 and claim 9 depends from claim 8. Claims 1 and 8
are in condition for allowance; therefore, claims 2 and 9 are in condition for allowance.

3. NARAD AND NORTEL IN VIEW OF BAKHTIARI.

Claims 4 and 11 stand rejected as unpatentable over Narad and Nortel and further in view
of Bakhtiari. Claim 4 depends from claim 1 and claim 11 depends from claim 8. Claims 1 and 8
are in condition for allowance; therefore, claims 4 and 11 are in condition for allowance.

4. NARAD AND NORTEL IN VIEW OF CACHEFLOW. 

Claims 14-18 stand rejected under Narad and Nortel and further in view of Cacheflow. 
Applicant respectfully traverses these rejections. 

Claim 14 includes the limitation that "SSL proxy buffers the packets until a 
predetermined number of packets arrive, then decrypts packets, and forwards the decrypted 
packets to the server." The Examiner indicates that Cacheflow discloses this limitation. The
Cacheflow reference recites, in part, that "when the web server receives the data, it then
decrypts the received data per the negotiated parameter. It then applies caching rules to the
response." It is unclear if the data referred to is a single packet or a number of packets of data.
What is clear, however, is that in Cacheflow the result is cached or saved. In claim 14 the 
decrypted packets are forwarded to the server. 

Additionally, Narad uses a system of buffering one packet to move the packets around 
from the gathering of the packets, to the classification of the packets, and to an application. As 
discussed in conjunction with claim 1, in Narad "a packet arrives into a buffer, gets processed,
and then gets transmitted out the other port or gets dropped." (Column 30, lines 42-44). Further, 
Narad states that the receive buffer "is a 2KB structure which contains an Ethernet packet and 
information about that packet." (Column 19, lines 63-65). Thus, the buffer of Narad holds but
one packet. To adopt the buffering of a predetermined amount would alter the way that Narad
works. Since the proposed modification would render Narad unsatisfactory for its intended
purpose, there is no suggestion or motivation to make the proposed modification. (See In re
Gordon, 733 F.2d 900, 221 USPQ 1125 (Fed. Cir. 1984)). Thus, this rejection should be 
withdrawn. 

Considering independent claim 15, claim 15, as amended, recites, in part, "checking the 
hold queue to determine if all packets expected for a given record have arrived; decrypting the 
encrypted portion of each packet once all packets expected for a given record have arrived; and 
outputting the decrypted packets to a server computer." Claim 15 stands rejected for the same 
reason as claim 14. Therefore, for the reasons discussed in conjunction with claim 14, claim 15 
is in condition for allowance. 

Considering claims 16-20, claims 16-20 depend from claim 15. Claim 15 is allowable. 
Therefore, for at least this reason, claims 16-20 are in condition for allowance. 

Additionally, claim 18 further defines the operation of the hold queue of claim 15. Since
the Narad/Nortel/Cacheflow combination failed to disclose a hold queue, claim 18 is in condition
for allowance.

III. CONCLUSION

For the foregoing reasons, the present application is believed to be in condition for 
allowance and favorable action is respectfully requested. The Examiner is invited to telephone 
the undersigned at the telephone number listed below if it would in any way advance prosecution 
of this case. 

While no other fees are believed due, the applicant hereby requests that any other 
required fee to maintain pendency of this case, except for the Issue Fee, be charged to Deposit 
Account 50-2091. 



Respectfully submitted, 
INGRASSIA FISHER & LORENZ 



Dated: February 15, 2005



Alexander B. Ching
Reg. No. 41,669 
(480) 385-5060 




Customer No. 29906 